Building Securable Infrastructures

BSides Detroit 13 June 7-8, 2013 Abstract: This session asks the question: "How do I design my environment to be securable?" Until computing systems are designed and built with security and in mind we will be trapped in a cycle of post implementation Band-Aid style fixes. Without designing infrastructures from the ground up with security in mind and real attempt to defend against directed attacks will be largely unsuccessful. • How do we evaluate products in a systematic manor to eliminate vulnerabilities we invite into our environments? • Where is money more wisely spent: on developing quality security policies and guidelines? Or on buying, configuring, and maintaining security products? • What are critical questions that we should be asking our vendors when we are evaluating new products for our environments? Speaker: Steve Aiello